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CLAIMS : 

What is claimed is: 

1. A metnod in data processing system for performing an 
operation using a key comprising; 

receiving a call to perform the operation using the 

key; 

identifiying(^a roujtine to perform the operation; 
^identifying a keystore containing the key; 
creating a data structure used by the routine to 
execute the operation; 

sending jthe data structure to the routine. 

2. The methcbd of claim 1 further comprising: 
determining whether the key is located in the 

keystore; and 

responsiv^ to the key being absent from the 
keystore, inhibiting the sending step. 

3. The method! of claim 1, wherein the routing and the 
keystore are identified using the data structure. 



4. The method of claim 3, wherein the data structure is 
a configuration associated with an application 
originating the call. 



5. The method op claim 1, wherein the keystore is one 
of a virtual keys:ore, a keystore, an adapter, and a 
keystore in a smart card. 

6. The method of claim 1, wherein the routine is a 
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Common Data Security Architecture plug-in. 

7 . The method of claim 1 further comprising 
initializir^g the routine prior to sending the data 
structure tk> the routine. 



10 



8. The method of claim 1, wherein the call is received 
from an application and further comprising: 

receiving a result from the operation; and 
returning the result to the application. 
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9. The methdd of claim 8 further comprising; 
responsive to receiving the result, performing any 

necessary updattes to objects in the keys tore. 

10. A cryptographic system for use in a data processing 
system comprising: 

a security llayer; 

a plurality! of cryptographic routines, wherein the 
plurality of cryptographic routines are accessed through 
the security layer ; 

a keys tore; land 

a keystore application program interface layer 
coupled to the security layer, wherein the keystore 



application progr. 
an application to 



interface layer receives a call from 
perform a cryptographic operation, 
identifies a routine, calls the routine to perform the 
cryptographic operation, receives a result from the 
routine, and returns the result to the application. 

11. The cryptographic system of claim 10, wherein the 
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security layer is a Common Data Security Architecture 
layer . 

12. The cryptographic system claim 10, wherein the 
plurality of pryptographic routines are a plurality of 
plug-ins . 
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13. The cryptographic system of claim 10, wherein the 
keystore is within a plurality of keystores and wherein 
the keystore application program interface layer 



identifies the 



keystore form the plurality of keystores, 



14. The cryptographic system of claim 10, wherein the 
routine and the keystore are identified in the data 
15 processing system accessed by the keystore application 
program interface layer. 
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15. The c 
keystore applicajt 
updates to the 
result from the 



ic system of claim 10, wherein the 
ion program interface layer performs 
keystore in response to receiving the 
::outine . 



16. The cryptographic system claim 10, wherein the 
keystore application program interface layer initializes 

25 the routine used to perform the cryptographic operation. 

17 . A data processing system for performing an operation 
using a key comprising; 

receiving njeans for receiving a call to perform the 



30 operation using 



first identifying means for identifying a routine to 



the key; 
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perform the operation; 

second identifying means for identifying a keys tore 
containing theVkey ; 

creating means for creating a data structure used by 
the routine to execute the operation; 



routine 



sending mean^ for sending the data structure to the 
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18. The data processing system of claim 17 further 
comprising : 

determining mekns for determining whether the key is 
located in the keyspore; and 

responsive to the key being absent from the 
keys tore, for inhibiting the sending step. 

19. The data processing system of claim 17, wherein the 
routing and the key4tore are identified using the data 
structure . 



20 20. The data processing system of claim 19, wherein the 
data structure is a configuration associated with an 
application originating the call. 



21. The data proces 
25 keys tore is one of 
adapter, and a keys 
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sing system of claim 17, wherein the 
virtual keystore, a keys tore, an 
tbre in a smart card. 



22. The data proces 
routine is a Common 



sing system of claim 17, wherein the 
Data Security Architecture plug-in. 



23. The data proceissing system of claim 17 further 
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A 

comprising initializing the routine prior to sending the 
data structure \to the routine. 

24. The data processing system of claim 17, wherein the 
call is received! from an application, and wherein the 
receiving means Is a first receiving means, further 
comprising: ' 

second receiving means for receiving a result from 
the operation; and 

returning means for returning the result to the 
application. 

25. The data processing system of claim 24 further 
comprising : 

performing means responsive to receiving the result, 
for performing anjy necessary updates to objects in the 
keystore . 



26. A computer program product in a computer readable 
20 medium for performing an operation using a key, the 
computer program product comprising; 

first instructions for receiving a call to perform 
the operation using the key; 

second instructions for identifying a routine to 
25 perform the operation; 

third instructions for identifying a keystore 
containing the key; 

fourth instructions for creating a data structure 
used by the routine to execute the operation; 
30 fifth instructions for sending the data structure to 

the routine. 
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